Anonymous Services - Can We Get A List Going And Feedback?

I dug a little looking here on Wilders and didn't notice anything, at least not current and I wanted to ask that we make a list here and give some feedback and discuss the different anonymous services out there.

The last service I used was Relakks. It seemed to work nice, but I've heard some bad about it, keeping logs, etc., so I'm not to sure about them, but I'm considering using another anonymous vpn service and I'd really like to know what's going on out there over these types of services if anyone really stands out as one of the top services to use?

Xerobank (I actually used the service as a tester given to me by Steve when it began, so back then it was nice, now I don't know, haven't used it since it first started)https://xerobank.com/

As far as Relakks and Ipredator are concerned since they are in Sweden I don't know if this is still a problem for using a Swedish service;

In June the Swedish parliament passed a controversial surveillance law that gives authorities a mandate to read all email and listen in on all phone calls without warrant or court order. In response to the law, The Pirate Party organized rallies, bloggers and journalists turned into activists, and even Google decided to relocate their servers.

PPTP has seen a decline in use. Our recommendation is to switch to OpenVPN.

So please share what you know and let's get a nice list with some nice input...

THANKS

*** P.S. ATTENTION SPECIAL NOTICE SINCE POSTING IN NOVEMBER 1st, 2010! ***

When I first made this post back in November 1st, 2010, this was not only a personal quest I was on to enrich my own knowledge of these various types of services, but I realized there was a need to increase this knowledge for everyone, since it seems that trying to learn many things as it relates especially to VPNs and all the various providers online, difficult to say the least.

After all if you've spent any time on Wilders you'll notice the mass amounts of VPN questions because it's just not easy to tell who is worth investing time in trying, let alone worrying about your personal safety.

So after all this time I have finally realized when approaching a VPN provider for OpenVPN, there is only one question you need to ask this provider to see if they know what they are doing and if they give you back any other answer then leave them and move on to the next one until you find the correct reply.

Why is this so important above every other question? Because this is the ultimate question and one in which OpenVPN themselves have told me is the recommended way in which to do this and anything less is not good.

A OpenVPN provider should be providing you 4 files, regardless if they are saying their services are for Windows, Linux, or Apple, every OS is the same when it comes to OpenVPN, they all require the same thing, it doesn't matter.

Do not pick a VPN provider until you find one that says they give you all 4 files, then when you find one, you can consider asking them other questions you might have any concerns for.

Remember, OpenVPN told me this is what you want, so don't believe anything else a VPN provider might tell you, because I certainly don't, I place my trust in what OpenVPN has told me and so should you!

Also remember, just because they know what they are doing as far as this question is concerned, it still doesn't mean they are good at everything, or anything, it just means they have this very important part right that you need to know before going any further with them. But the fact that they offer all 4 files, they are probably doing a decent job...

This is the all important starting pointing from which to judge that service and then take from there!

Different services for different uses. For simple privacy at a cafe or whatever I like AlwaysVPN. It's prepaid but cheap. I buy 10GB at a time ($15) and it lasts forever for just surfing around. OpenVPN and it's very fast.

I also like JonDonym (The old JAP). Before anybody talks "backdoor" please educate yourself on the facts. They actually proved they walk the walk through the whole ordeal. I trust them implicitly.

A lot of fly-by-night outfits have come and gone - some marketed brilliantly and some still have services running but offer zero support, no forum and have all but disappeared.

And don't forget the best for anonymity (not privacy of information!) - Tor.

But one thing I will say is if you're looking for something free, I just downloaded Tor, I must say it's really improved and I'm using it in Comodo Dragon with the Chrome extension Proxy Switcher and it's pretty darn fast.

If you want to use it with the bundled Firefox portable you download the Tor Browser Bundle, if you want to use it with another browser you'll need the Vidalia Bundles.

I'm blown away by the speed I'm getting with Tor through the Dragon browser.

Boy they have really improved the speeds of Tor, so for now I'm hooked!

I'm so impressed I wrote a letter to the executive of Tor suggesting that I felt as a professional in IT that it would be in the best interest of the Tor community to have a an Official Tor forum and later IRC to help the growth of this community.

I also suggested if they can't afford a forum at the moment, maybe Wilders will welcome Tor here to have an Official forum here.

Privacy:
This is an issue with ALL VPN, SSH, what have you solutions. The way they work is the same: traffic is encrypted on your PC, goes to another Server (or more: "multi hop"), there it's decrypted and sent to a webserver.
So you've heard of TSL (="https"). This adds another layer of encryption that goes from your PC directly to the final destination. Good, we've cut out any middle man snooping. But there are two flaws:
TSL is weak. It's based on PKI and this can be fooled quite easily, certificate auhorities are known to give out certificates to just about anybody. A government level attacker can easily make MITM attacks against it (or they just raid the server directly).
Apart from that most people (well, not here on wilders) don't know how to respond to their browser warnings.
Second issue, quite a few, big name sites don't encrypt everything. The log in page is on https, the rest not and sometimes cookies are sent in clear.

The difference between Tor and the other options is that everybody can be an exit node i.e. can snoop traffic. VPN provider can do it too but there is the risk of detection, litigation, losing customers...

Anonymity:
Tor has several weakness, some more theoretical. Worst case scenario: a single adversary controls all three hops. I can't tell you how likely that scenario is. For strong anonymity you should browse .onion services only. You go through twice as many hops, the probability decreases accordingly.
Tor doesn't add padding for example, but VPNs don't either. Basically, against an IX level attacker Tor is stronger than those. But one can still find out a lot about the traffic flow, and even its content, despite encryption. If you really are worried about this, freenet (darknet mode) is the best solution. A low latency network can never be as secure.
All commercial providers have one flaw in common: They want to provide you anonymity, yet they have to know who you are. They see your IP and they see your destination. They know who you are, where you go and what you do. You can't be anonymous against your own anonymity provider. Now they all promise, we don't keep log, we don't do anything behind your back, but:
You can't verify that and they can be forced to do so by a powerful (or rich...) attacker. Decentralized networks (Tor, Freenet, i2p and others) don't work like that. They are all built on the presumption that you can trust nobody. But they make following bet: There are more good nodes than bad (and colluding!) nodes out there. As long as that is true, the system works. Let's hope it does because so far no one has come up with something stronger.

Please don't get to technical if you don't have to, some of the readers might not understand, me included, LOL...

Click to expand...

Haha, I thought I did explain in simple terms, not using much technical terms and that (except for the padding and IX part - this I just mentioned to demonstrate that there are further weaknesses without going into detail and explaining anything).

Ok so for all you've said can you now give a simple answer to these questions?

Click to expand...

Sorry to disappoint you but there are no simple answers. Pretending there are simple answers would be reckless on my part.

But with that disclaimer out of the way I'll try so you get a feeling for the topic. I'll use my own terminology, these are very generic terms and we'd really need to define them first. Please tell me if I missed what you meant with a question.

1: Tor is not "safe to use". It's easy to make mistakes when you are a first timer. Main point: the browser configuration, javascipt and flash or doing personal email over Tor those kind of errors. Torbutton makes it easy, it's a Firefox extension that takes care of configuring the browser to be safe. But you still need to be alert and at the minimum read the warnings on torproject.org
It's a well tested program, no nasty bugs and it's easy to deinstall.

2: Tor is secure in the sense that it does what it says on the tin. It's been out a while and any obvious backdoor or glaring security hole would have been detected.

3: Tor does not add any privacy protection. In fact it decreases your privacy. Instead of the ISP now random people on the internet can see your (plain text = unencrypted) traffic. It's like browsing unsecured wifi in Startbucks (http://www.theregister.co.uk/2010/11/04/firesheep_theatre/)
But you can protect yourself against it (https, adding VPN on top of tor, gpg encryption) and when you use .onion websites this problem doesn't exist.

4: yes
Goverment level agencies can still get you. A very determined attacker with large resources still can get you and there's a whole torrent of side channel attacks (usually requiring physical access to your home/pc).
But compared to VPN, ssh, proxies it's very strong anonymity. And there's no better alternative out there anyway...

I was just kidding about the technical, more for the newbies, me I'm cool.

1: Tor is not "safe to use", could you explain a little more about this?

2. Tor is secure, yes I'd hope so for as long as it's been around.

3. Tor does not add any privacy protection. Well this is nice to know, anyway in which an end-user can add in a layer of privacy while using Tor?

4. Yes we all hope and believe is good anonymity, that's what they're claiming and it's what we're all hoping. But in that I think people mix in privacy with that batch, so that takes us back to number 3 for some answers...

5. They, well anyone really, probably your run of the mill hack/hackers, problems you want to avoid like this etc...

By the way the post and replies aren't just for me, just things I'm asking and saying, etc...

1: it's not safe because it's easy to make mistakes. Good software is designed to make mistakes hard. I guess the tor bundle does follow this principle. Personally I always set up everything by hand.
My main worry is about people letting slip their true identity or online IDs that could be used to find out more about them. Like log into your email account, amazon, facebook, ebay, twitter... Someone watching you will find out who you are despite the best anonymity software. This btw applies to all solutions, not just Tor. Therefore I'd say none of them are "safe", i.e. fool-proof.

3: https://www.eff.org/https-everywhere or NoScript (options -> advanced -> https->behaviour->force sites to use https always, enter them like *example.com* press ENTER *next.com*) For emails you could use GnuPG to encrypt content, I'd only do that in addition to https encrypted email as GPG doesn't encrypt headers containing recipient and subject.

5: hacker? really? Apart from the fact that I don't like that term I think they are the least of your worries.
The way they typically work is at the client or server end, not the network level. That means Tor doesn't protect you against anything (well only local network snooping).
If they attack the server, you can do absolutely nothing about that. Happens all the time, not just injecting malware but stealing your credentials, private data and so on.
On the client side: If they got in - GAME OVER. Therefore good anonymity starts with host security. Tons of resources here on wilders.

Tor is hassle-free if you run the portable no-install version. It's called the "Tor Browser Bundle." It runs with its own Firefox already configured properly. You only need to confirm that by checking your IP after you start the browser from the TBB folder. It's totally self-contained.

Tor is definitely about hiding who you are (anonymity)...not the privacy of any information sent through Tor.